

Administrative
Lectures: Th, 3:15-5:05, Gates 159
Instructor: Ilya Mironov
Prerequisite: CS255
Grading: CR/NC or letter
Work load: Project
Topics
Advanced topics class on cryptanalysis of symmetric and public-key
primitives and protocols. We will cover recent collision-finding attacks
on hash functions, differential and linear cryptanalysis of block ciphers,
and number-theoretic and lattice-based methods of attacking public-key
cryptosystems. CS255 is a prerequisite, although most of the lectures will
be self-contained.
Here is a tentative plan of the course. It will be updated as the
quarter progresses:
Sep 29: 
Hash functions. Attacks exploiting the Merkle-Damgård structure (poisoned block, Joux's attack), review of recent collision-finding attacks on MD4, MD5, SHA-0 and SHA-1. Dobbertin's attack on MD4.

Survey: 
Hash functions: Theory, attacks, and applications.

Demo: 
Example of two .ps files colliding under MD5 (based on M. Daum and S. Lucks' files): taxes.ps and broccoli.ps. MD5 calculator is here.

Oct 6: 
Birthday paradox: non-uniform case, memoryless algorithms (Floyd's and Brent's cycle-finding algorithms), parallelization. Random mapping statistics.
Time-memory trade-offs: permutations, Hellman's method, distinguished points, stream ciphers, Fiat-Naor analysis. 
Oct 13: 
Differential and linear cryptanalysis of DES. Differentials, characteristics, Matsui's piling-up lemma, structures. 
Oct 20: 
Perfectly nonlinear functions. Decorrelation module. Boomerang attack. Nonlinearity of inversion. 
Oct 27: 
AES. BES. XSL. 
Nov 3: 
Stream ciphers. LFSRs. Berlekamp-Massey algorithm. Correlation attack. Combiners: Geffe's, summation. Shrinking generator. 
Reading: 
James L. Massey, "Shift-register synthesis and BCH decoding," IEEE Trans. on Information Theory, vol. 15(1), pp. 122-127, Jan 1969.

Nov 10: 
Dlog and factoring: generic algorithms (baby-step giant-step, Pollard's rho and lambda), index calculus, quadratic sieve. TWINKLE and mesh-based algebraic step. 
Nov 17: 
Cryptanalysis of public-key cryptosystems: lattices, Bleichenbacher's attack, short RSA exponent. 
Nov 24: 
Thanksgiving! 
Dec 1: 
Side-channel attacks: timing attacks against RSA and AES; acoustic attack. Fault attacks: RSA, LFSR. 
Dec 8: 
Project presentations. 
